summaryrefslogtreecommitdiff
path: root/source
diff options
context:
space:
mode:
Diffstat (limited to 'source')
-rw-r--r--source/pdf/pdf-crypt.c25
1 files changed, 11 insertions, 14 deletions
diff --git a/source/pdf/pdf-crypt.c b/source/pdf/pdf-crypt.c
index 7150f66e..2e31f356 100644
--- a/source/pdf/pdf-crypt.c
+++ b/source/pdf/pdf-crypt.c
@@ -353,7 +353,7 @@ pdf_compute_encryption_key(fz_context *ctx, pdf_crypt *crypt, unsigned char *pas
int i, n;
fz_md5 md5;
- n = crypt->length / 8;
+ n = fz_clampi(crypt->length / 8, 0, 16);
/* Step 1 - copy and pad password string */
if (pwlen > 32)
@@ -569,12 +569,14 @@ pdf_compute_encryption_key_r6(fz_context *ctx, pdf_crypt *crypt, unsigned char *
static void
pdf_compute_user_password(fz_context *ctx, pdf_crypt *crypt, unsigned char *password, size_t pwlen, unsigned char *output)
{
+ int n = fz_clampi(crypt->length / 8, 0, 16);
+
if (crypt->r == 2)
{
fz_arc4 arc4;
pdf_compute_encryption_key(ctx, crypt, password, pwlen, crypt->key);
- fz_arc4_init(&arc4, crypt->key, crypt->length / 8);
+ fz_arc4_init(&arc4, crypt->key, n);
fz_arc4_encrypt(&arc4, output, padding, 32);
}
@@ -584,9 +586,7 @@ pdf_compute_user_password(fz_context *ctx, pdf_crypt *crypt, unsigned char *pass
unsigned char digest[16];
fz_md5 md5;
fz_arc4 arc4;
- int i, x, n;
-
- n = crypt->length / 8;
+ int i, x;
pdf_compute_encryption_key(ctx, crypt, password, pwlen, crypt->key);
@@ -649,17 +649,16 @@ pdf_authenticate_user_password(fz_context *ctx, pdf_crypt *crypt, unsigned char
static int
pdf_authenticate_owner_password(fz_context *ctx, pdf_crypt *crypt, unsigned char *ownerpass, size_t pwlen)
{
+ int n = fz_clampi(crypt->length / 8, 0, 16);
+
if (crypt->r == 2)
{
unsigned char pwbuf[32];
- unsigned char key[32];
+ unsigned char key[16];
unsigned char userpass[32];
- int n;
fz_md5 md5;
fz_arc4 arc4;
- n = crypt->length / 8;
-
if (pwlen > 32)
pwlen = 32;
memcpy(pwbuf, ownerpass, pwlen);
@@ -678,15 +677,13 @@ pdf_authenticate_owner_password(fz_context *ctx, pdf_crypt *crypt, unsigned char
if (crypt->r == 3 || crypt->r == 4)
{
unsigned char pwbuf[32];
- unsigned char key[32];
+ unsigned char key[16];
unsigned char xor[32];
unsigned char userpass[32];
- int i, n, x;
+ int i, x;
fz_md5 md5;
fz_arc4 arc4;
- n = crypt->length / 8;
-
if (pwlen > 32)
pwlen = 32;
memcpy(pwbuf, ownerpass, pwlen);
@@ -699,7 +696,7 @@ pdf_authenticate_owner_password(fz_context *ctx, pdf_crypt *crypt, unsigned char
for (i = 0; i < 50; i++)
{
fz_md5_init(&md5);
- fz_md5_update(&md5, key, 16);
+ fz_md5_update(&md5, key, n);
fz_md5_final(&md5, key);
}